Configuring Port Security
This chapter describes how to configure the port security feature. Release 12.1(13)E and later releases
support the port security feature.
For complete syntax and usage information for the commands used in this chapter, refer to the
Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
This chapter consists of these sections:
Understanding Port Security
You can use the port security feature to restrict input to an interface by limiting and identifying MAC
addresses of the workstations that are allowed to access the port. When you assign secure MAC
addresses to a secure port, the port does not forward packets with source addresses outside the group of
defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure
MAC address, the workstation attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC addresses is reached,
when the MAC address of a workstation attempting to access the port is different from any of the
identified secure MAC addresses, a security violation occurs. If a workstation with a secure MAC that
is address configured or learned on one secure port attempts to access another secure port, a violation is
After you have set the maximum number of secure MAC addresses on a port, the secure addresses are
included in an address table in one of these ways:
Understanding Port Security, page 26-1
Default Port Security Configuration, page 26-2
Port Security Guidelines and Restrictions, page 26-2
Configuring Port Security, page 26-3
Displaying Port Security Settings, page 26-5
You can configure all secure MAC addresses by using the switchport port-security mac-address
mac_address interface configuration command.
You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of
You can configure a number of addresses and allow the rest to be dynamically configured.
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
C H A P T E R